#101 Kerberos Authentication

[BruceS]

I previously submitted this patch under a different SF account as patch #1579599. That patch was not created against a tagged version of jtds so it was difficult to apply to the source.

This patch is for the 1.2.2 release.

The jTDS Kerberos implementation comprises three main
changes to the jTDS code:
1. A new class net.sourceforge.jtds.jdbc.JtdsGSS.
2. Changes to a few lines of the
TdsCore.sendMSLoginPkt method.
3. Addition of a new property - "useKerberos"
(boolean) - I used the "useNTLMV2" property as an
example (i.e. changes to Driver, JtdsDataSource,
Messages.properties etc.).

Documentation is in ./html/kerberos.html.

[BruceS]

JtdsGSS unified diff patch for 1.2.2

[momo]

This feature has been requested a number of time, maybe there is a Java 1.3 compliant solution?

[momo]

Kerberos support has been added with jTDS 1.3.1.

[Anonymous]

Great to know jTDS1.3.1 supporting kerberos, but there is one problem about using it in cross realm, described as follows.

1. SQLServer runs on realm under foo.com, with pricipal name MSSQLSvc/host:port@foo.com
2. but the client runs on bar.com
3. jTDS always picks up the default realm to construct service principal name, which is MSSQLSvc/host:port@bar.com

as a result, the principal used to get service ticket will be MSSQLSvc/host:port@bar.com instead of MSSQLSvc/host:port@foo.com, so authentication would fail with error message "No server found in database"

For fixing this issue, would you please add one property to let user specifying SQLServer principal name from outside, just taking it as the common property as host or port.

[Anonymous]

Can anyone answred this last question? I am looking for an answer on this. Please help.